80 likes | 336 Vues
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title: [Secure Ranging Definitions and Interoperability] Date Submitted: [ 16 January 2019 ] Source: Dr. Boris Danev [3db Access, Switzerland ], Prof. Dr. Srdjan Capkun [ETH Zurich, Switzerland]
E N D
Project: IEEE P802.15 Working Group for Wireless Personal Area Networks (WPANs) Submission Title:[Secure Ranging Definitions and Interoperability] Date Submitted: [16 January 2019] Source:Dr. Boris Danev[3db Access, Switzerland], Prof. Dr. SrdjanCapkun[ETH Zurich, Switzerland] Re:[Changes proposal for the LRP/HRP UWB PHY] Abstract:[Contribute to a proposal to the enhanced impulse radio group w.r.t. 4z Security ] Purpose:[Discussion, current 4z LRP/HRP Security, definitions, questions, interoperability] Notice: This document has been prepared to assist the IEEE P802.15. It is offered as a basis for discussion and is not binding on the contributing individual(s) or organization(s). The material in this document is subject to change in form and content after further study. The contributor(s) reserve(s) the right to add, amend or withdraw material contained herein. Release: The contributor acknowledges and accepts that this contribution becomes the property of IEEE and may be made publicly available by P802.15.
Scope • Discussion on LRP/HRP Security including Security Definitions & Interoperability Motivation • Provide status on defining security for SRDevs and discuss IEEE standard compliance and interoperability
Agenda • Introduction of Security Definitions • Current Status and Questions • Standard Compliance and Interoperability
Security Definitions • Security Verification • Procedures of verification of ranging sessions to ensure secure ranging transaction • PHY layer and MAC layer (Clause 9) • Security Levels • Definition of SRDev Security Levels with respect to entropy bits of security (as mandated by IEEE standards) • Security Proofs • Definition of threat model for analysis • Resistance to known attacks such as Cicada, Early/Detect & Late Commit, Preamble Injection, Guess-and-Compensate, First path injection, etc. • Investigation of new attacks (if appropriate)
Standard Compliance & Interoperability • Standard compliance • Ensure precise security definitions forthreat analysis • E.g., IEEE 802.11az Secure Ranging • 11-17-1122-00-00az-cp-replay-threat-model-for-11az.docx • Interoperability • Precisely defined security is a must for interoperability between vendors • Precisely defined security is a must for application-level standards (e.g., ISO/ECMA)
Summary and Conclusions • Security definitions need to be carefully elaboratedfor standard compliance and interoperability • Preliminary analysis of STS-based schemes raise security concerns